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DETAILED ACTION 

This action is in response to the papers filed 1 1/28/2007. 



Response to Arguments 

Applicant's arguments have been fully considered but they are not 
persuasive. Sudia in view of Abbondanzio is not a improper combination. It would 
have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains to have used Sudia 
system of installing new or additional firmware code with Abbondanzio method of 
transmitting a sign boot code as a more secure way to transmit boot code. 
Therefore one would have been motivated to have Sudia system of installing new 
or additional firmware code with Abbondanzio method of transmitting a sign boot 
code. 

Applicant's arguments with respect to Sudia in view of Abbondanzio have 
been fully considered but they are not persuasive. The combination teaches how 
to execute signed authorized code that embodies a boot process. Sudia 
paragraph 0249 teaches i.e. The third party could then develop, test, and 
approve replacement or additional firmware routines, sign them with the third 
party's private signature key, and attach its upgrade certificate from the 
manufacturer thereto ... upon receiving such an upgrade, the user would load 
both the signed code routines and the manufacturer's upgrade certificate into the 
device ...verify the third party's signature on the new code routines against the 
manufacturer's upgrade certificate. 
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Abbondanzio teaches that authorized code is authorized boot code 
including instructions for performing a boot process for a computer device 
comprising the processor (see paragraph 0036). It would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains to have used Sudia system of installing new or 
additional firmware code with Abbondanzio method of transmitting a sign boot 
code as a more secure way to transmit boot code. Therefore one would have 
been motivated to have Sudia system of installing new or additional firmware 
code with Abbondanzio method of transmitting a sign boot code. 

Applicant's arguments that Abbondanzio the boot code is executed on a 
network off the system that is booted have been fully considered but they are not 
persuasive. Figure 6 steps 607 - 609 teach the encrypted boot code image is 
transmitted to the appropriate server where it is authenticated and run. This is 
also taught in paragraphs 0058-0060 i.e. "If the received boot code image is 
authenticated, then server blade 110 may boot the received boot code image in 
step 609. That is, if the authentication parameter(s), e.g., public key, received by 
server blade 1 10 in step 605 decrypt the received encrypted boot code image, 
then server blade 110 may boot the received boot code image in step 609". 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 1 1 , 1 4, 1 6, 1 8 and 22-26 are rejected under 35 U.S.C. 1 03(a) as 
being unpatentable over Sudia (U.S. 2001/0050990) in view of Mattison 
(5778070) in view of Abbondanzio et al (2003/0188176). 

With respect to calms 1 1 and 22, a method for ensuring that a processor 
will execute only authorized code, said method comprising: reading a certificate 
including a first public key into a protected memory (see paragraph 0249 i.e. the 
manufacturer could sign a firmware upgrade certificate containing a public key of 
the third party firmware provider and issue it to that third party... upon receiving 
such an upgrade, the user would load both the signed code routines and the 
manufacturer's upgrade certificate into the device); validating said certificate with 
a second public key permanently stored on said processor (see paragraph 0248 
i.e. tamper-resistant trusted device that contains an embedded manufacturer's 
public key, a protected non-volatile memory area and a secure central processor 
unit (CPU) and can upgrade or supplement in a trusted manner any firmware 
routines embedded by the manufacturer and paragraph 0249 i.e. verify the 
upgrade certificate against the manufacturer's public signature key that was 
embedded in the device during manufacture); reading a signed authorized code 
into said protected memory (see paragraph 0249 i.e. The third party could then 
develop, test, and approve replacement or additional firmware routines, sign 
them with the third party's private signature key, and attach its upgrade certificate 
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from the manufacturer thereto ... upon receiving such an upgrade, the user 
would load both the signed code routines and the manufacturer's upgrade 
certificate into the device), wherein said protected memory is cryptographically 
protected (see paragraph 0249 digital signed data is a type of cryptographically 
protected data); reading by said processor a digital signature used to sign said 
signed authorized boot code; verifying said decrypted digital signature in 
accordance with said first public key (see paragraph 0249 i.e. verify the third 
party's signature on the new code routines against the manufacturer's upgrade 
certificate); and executing by the processor said signed authorized code having a 
verified digital signature by branching to a copy of said authorized code in said 
protected memory, wherein said digital signature of said signed authorized boot 
code is previously verified and executing further comprises performing inline 
decryption of the copy of said authorized code in said protected memory (see 
paragraph 0248 i.e. The trusted device does the upgrading or supplementing by 
accepting as input a body of data containing new or additional firmware code that 
is suitable for that type of device and is digitally signed with the manufacturer's 
signature, which signature assures the device that the new firmware code has 
been developed, tested and approved by the manufacturer and that the device 
should therefore either (a) overlay one or more currently embedded firmware 
routines with the new firmware code or (b) add the new firmware code as one or 
more new routines in a currently unused area of protected memory). 

Sudia does not teach decrypting the digital signature to generate a 
decrypted digital signature and that authorized code is authorized boot code 
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including instructions for performing a boot process for a computer device 
comprising the processor. 

Mattison teaches decrypting the digital signature to generate a decrypted 
digital signature (see column 3 lines 1-50). It would have been obvious at the 
time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains to have decrypted the digital signature to get the 
hash value that can be compared to a generated hash value to verify that the 
data that the digital signature id for has not been tampered with (see Mattison 
column 3 lines 1-50. Therefore one would have been motivated to have 
decrypted the digital signature. 

Abbondanzio teaches that authorized code is authorized boot code 
including instructions for performing a boot process for a computer device 
comprising the processor (see paragraph 0036). It would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains to have used Sudia system of installing new or 
additional firmware code with Abbondanzio method of transmitting a sign boot 
code as a more secure way to transmit boot code. Therefore one would have 
been motivated to have Sudia system of installing new or additional firmware 
code with Abbondanzio method of transmitting a sign boot code. 

With respect to claim 13, wherein the integrity of the contents of said 
protected memory is protected by encryption using a cryptographic key stored on 
said processor (see paragraph 0249 i.e. sign them with the third party's private 
signature key). 
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With respect to claims 14 and 25, wherein said protected memory is 
physically protected (see paragraph 0248 i.e. tamper-resistant trusted device and 
(see paragraph 0249 i.e. sign them with the third party's private signature key). 

With respect to claims 16 and 26, wherein the integrity of said authorized 
code is protected at run time (see paragraph 0248 i.e. tamper-resistant trusted 
device and paragraph 0249 i.e. sign them with the third party's private signature 
key). 

With respect to claims 18, wherein the privacy of said authorized code is 
protected at run time (see paragraph 0248 i.e. tamper-resistant trusted device 
and paragraph 0249 i.e. sign them with the third party's private signature key). 

With respect to claim 23, a computing device for securely executing 
authorized code, said computing device comprising: a protected memory (see 
paragraph 0248 i.e. tamper-resistant trusted device that contains an embedded 
manufacturer's public key, a protected non-volatile memory area and a secure 
central processor unit (CPU) and can upgrade or supplement in a trusted manner 
any firmware routines embedded by the manufacturer) for storing a signed 
authorized boot code, which contains an original digital signature (see paragraph 
0249 i.e. The third party could then develop, test, and approve replacement or 
additional firmware routines, sign them with the third party's private signature 
key, and attach its upgrade certificate from the manufacturer thereto ... upon 
receiving such an upgrade, the user would load both the signed code routines 
and the manufacturer's upgrade certificate into the device), wherein said 
protected memory is cryptographically protected (see paragraph 0249 digital 
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signed data is a type of cryptographically protected data); and a processor 
comprising inline cryptography and integrity hardware for excuting said signed 
authorized boot code said processor in signal communication with said protected 
memory said processor reading and decrypting said signed authorized boot code 
from the protected memory and executing said signed authorized boot code from 
the protected memory for booting the computing device after verifying that said 
digital signature contained in said signed authorized boot code is valid as 
decrypted in accordance with a first public key stored in said protected memory, 
said first public key validated by a second public key permanently stored on said 
processor, and branching to said signed authorized boot code in said protected 
memory to begin the execution (see paragraph 0248 i.e. tamper-resistant trusted 
device that contains an embedded manufacturer's public key, a protected non- 
volatile memory area and a secure central processor unit (CPU) and can 
upgrade or supplement in a trusted manner any firmware routines embedded by 
the manufacturer and paragraph 0249 i.e. The device would then verify the third 
party's signature on the new code routines against the manufacturer's upgrade 
certificate and then verify the upgrade certificate against the manufacturer's 
public signature key that was embedded in the device during manufacture). 

With respect to claim 24, wherein the integrity of the contents of said 
protected memory is protected by encryption (see paragraph 0248 i.e. tamper- 
resistant trusted device and (see paragraph 0249 i.e. sign them with the third 
party's private signature key). 
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With respect to claim 29, a first summing block summing said read copy of 
said signed authorized boot code from the protected memory with a whitening 
value; a decryption block decrypting an output of said first summing block; a 
second summing block summing an output of said decryption block with said 
whitening value to generate plaintext data corresponding to said copy of said 
signed authorized boot code from said protected memory; and a function block 
validating said plaintext data for execution (see paragraph 0248 i.e. tamper- 
resistant trusted device that contains an embedded manufacturer's public key, a 
protected non-volatile memory area and a secure central processor unit (CPU) 
and can upgrade or supplement in a trusted manner any firmware routines 
embedded by the manufacturer and paragraph 0249 i.e. The device would then 
verify the third party's signature on the new code routines against the 
manufacturer's upgrade certificate and then verify the upgrade certificate against 
the manufacturer's public signature key that was embedded in the device during 
manufacture). 

Claims 17, 19, 27 and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sudia (U.S. 2001/0050990) view of Abbondanzio et al 
(2003/0188176) in view of Morgan et al (U.S. Patent # 6,185,685). 

With respect to claims 17 and 27, Sudia and Abbondanzio do not teach 
wherein the integrity of said authorized code is protected with symmetric key 
encryption. Morgan teaches wherein the integrity of said authorized code is 
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protected with symmetric key encryption (see Morgan column 8 line 60 - column 
9 lines 31). Morgan teaches using a symmetric key to encrypt and decrypt the 
encrypted public key (see Morgan column 8 line 60 - column 9 lines 31 ). It would 
have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains to have used a 
symmetric key to encrypt and decrypt the encrypted public key to increase the 
security to the encryption algorithm (see Morgan column 2 lines 32-65). 
Therefore one would be motivated to have encrypted the authorized code with a 
symmetric key before storing it in the protected memory and decrypted the 
authorized code with the symmetric key for execution of the authorized code. 

With respect to claims 19 and 28, wherein the privacy of said authorized 
code is protected at run time with symmetric key encryption (see Morgan column 
8 line 60 - column 9 lines 31 ). 

Conclusion 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Devin Almeida whose telephone number 
is 571-270-1018. The examiner can normally be reached on Monday-Thursday 
from 7:30 A.M. to 5:00 P.M. The examiner can also be reached on alternate 
Fridays from 7:30 A.M. to 4:00 P.M. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron, can be reached on 571-272-3799. The 
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fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 

/Devin Almeida/ 
Examiner, Art Unit 2432 



/Gilberto Barron Jr./ 

Supervisory Patent Examiner, Art Unit 2432 



